Regulatory scrutiny, economic conditions and cyber threats rank as top risks, new research shows

More organizations are realizing that additional risk management sophistication is warranted given the fast pace in which complex risks are emerging, according to a survey by global consulting firm Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina State University’s Poole College of Management.

The fourth annual joint survey assessing the current risk environment, titled Executive Perspectives on Top Risks for 2016, was released on Tuesday. It summarizes the concerns of 535 board members, C-suite and other top-level executives around the world and across industries, including 250 respondents based in the United States and 285 respondents based outside the U.S.

In the survey, respondents rate the significance of 27 risk issues for the coming year, spanning three risk categories: macroeconomic, strategic and operational. Regulatory change and heightened regulatory scrutiny was the number one risk cited by survey respondents for the fourth consecutive year, highlighting its dominance on the minds of board members and executives worldwide, Protiviti said in a media release. “The majority (60%) of respondents believe this risk will continue to have a significant impact on their organizations, indicating business executives remain highly concerned about the effect of the regulatory landscape on their strategic direction.”

Rounding out the top 10 risks identified as having a “significant impact” on their businesses:

• Economic conditions in markets currently served may significantly restrict growth opportunities for the organization (60%);

• The organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt its core operations and/or damage its brand (57%);

• Ensuring privacy/identity management and information security/system protection may require significant resources for the organization (53%);

• The organization’s succession challenges and ability to attract and retain top talent may limit its ability to achieve operational targets (52%);

• Rapid speed of disruptive innovations and/or new technologies within the industry may outpace the organization’s ability to compete and/or manage the risk appropriately, without making significant changes to its business model (51%);

• Anticipated volatility in global financial markets and currencies may create significantly challenging issues for the organization to address (50%);

• Resistance to change may restrict the organization from making necessary adjustments to the business model and core operations (49%);

• Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in the organization’s existing customer base (46%); and

• The organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect core operations and achievement of strategic objectives (45%). [click image below to enlarge]

“The results of our latest survey show that key stakeholders’ expectations regarding the need for greater transparency about the nature and magnitude of organizations’ risks continue to be high,” said Patrick Scott, Protiviti executive vice president of industry groups, in the release.

Jim DeLoach, a managing director with Protiviti, added that “pressures from boards, volatile markets, intense competition, demanding regulatory requirements, new technologies and other dynamic forces are leading to increasing calls for management to design and implement effective risk management capabilities to identify and assess organizations’ key risk exposures, with the goal of reducing them to an acceptable level.”

The release noted that two new risks made it onto this year’s top 10 list: the rapid speed of disruptive innovations and/or new technologies within the industry (#6) and anticipated volatility in global financial markets and currencies (#8). These newly identified concerns bumped two former risks off the top 10 list: concern over the ability to manage an unexpected crisis that could impact reputation (#8 in 2015) and the ability to meet performance expectations relative to competitors (#10 in 2015).

“Interestingly, we found boards of directors, CEOs and other members of the executive team report differing views of the top risk exposures facing their organizations,” concluded Dr. Mark Beasley, Deloitte professor of enterprise risk management and NC State ERM Initiative director. “The level of impact of risk concerns among board members is noticeably less risky compared to the executive team, who see the outlook for the next 12 months as more risky. These findings suggest there is a strong need for discussion and dialogue between management and the board to ensure the organization is focused on the right emerging risk exposures.”